ODNI Tasks Researchers With Figuring Out How To Store Section 215 Collections Off-Site

from the still-looking-at-the-symptoms,-rather-than-the-sickness,-however dept

One of the few stipulations in Obama's NSA reforms was to transfer the Section 215 collections to a third party and out of the NSA's direct control. The assumption is that these records will be held by those generating them -- the telcos. But the telcos have made it apparent that, while they have no problem asking "how high" whenever the NSA says, "jump," they have no interest in storing the records onsite. The administration didn't specifically order anyone to take control of the records, basically punting the issue to Congress and the DOJ and "allowing" them to sort it out.

The Office of the Director of National Intelligence has paid at least five research teams across the country to develop a system for high-volume, encrypted searches of electronic records kept outside the government's possession. The project is among several ideas that could allow the government to store Americans' phone records with phone companies or a third-party organization, but still search them as needed.

These researchers' suggestions will be weighed against anything the DOJ or Congress has to offer, albeit with a slight home-team advantage. The ODNI has specified some protections that may make its conclusions preferable to the alternatives, at least in terms of data security, and that may provide more flexibility for shifting the records to whatever entity or entities are left holding the metadata bag.

Under the research, U.S. data mining would be shielded by secret coding that could conceal identifying details from outsiders and even the owners of the targeted databases, according to documents obtained by The Associated Press and interviews with researchers, corporate executives and government officials…

An encrypted search system would permit the NSA to shift storage of phone records to either phone providers or a third party, and conduct secure searches remotely through their databases. The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure that its analysts were not leaking information or abusing anyone's privacy during their data searches. And the technique could also be used by the NSA to securely search out and retrieve Internet metadata, such as emails and other electronic records.

This would ease the logistics problem and (theoretically) reduce the possibility of abuse, though it would not eliminate it. Nor does it address the larger question of "why" millions of irrelevant phone records need to be collected and stored at all. Another concern is that the use of the data (as opposed to its collection and storage) will still be removed from any meaningful oversight.

On a more positive note, the encrypted search requirement would stave off hacking attempts and prevent the phone companies from knowing which records have been searched. (That protection is only as good as the scheme's implementation and key handling: encrypting the stored records and the queries defends against someone who steals the database or intercepts a query, not against a compromised endpoint or a deliberately weakened cipher.) Of course, if the phone companies can't see which records are being queried, they also can't count those queries, which undercuts the recently loosened restrictions on reporting government access requests. But it does at least eliminate one of the telcos' objections to maintaining the collected data onsite. (Although it can be argued that the telcos -- Verizon and AT&T especially -- have been so compliant over the years that storing data onsite won't be remarkably different from storing it at NSA data centers.)
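The AP's description of "encrypted searches of electronic records kept outside the government's possession" is, in cryptographic terms, private information retrieval: the querier learns the record it asked for, the party holding the records learns nothing about which one. The following Python example is added here to make that property concrete; it is not code from the article, the ODNI research teams, or any telco. It implements the classic two-server XOR scheme over constructed, fixed-width call-detail rows: two independent holders each keep a full copy of the table, each receives a uniformly random selector, and only the querier can combine the two answers. The names, the row format and the sample data are assumptions. The `collude` function shows the scheme's failure mode, which is exactly the objection raised in the article about compliant telcos: two holders that compare notes recover the queried index.

```python
"""Toy two-server PIR: a model of "encrypted search over records the
government does not hold". Two independent holders each keep a full copy of
the table; the querier learns record i while neither holder alone learns i.
Added illustration; record format and sample rows are constructed."""
import secrets
from typing import List, Sequence, Tuple

RECORD_LEN = 48  # fixed-width rows so XOR over records is well defined


def pad(row: str) -> bytes:
    """Encode a text row as a fixed-width record (NUL padded)."""
    data = row.encode()
    if len(data) > RECORD_LEN:
        raise ValueError("row exceeds RECORD_LEN")
    return data.ljust(RECORD_LEN, b"\0")


def unpad(record: bytes) -> str:
    return record.rstrip(b"\0").decode()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class RecordHolder:
    """One replica of the metadata table (a telco or an escrow agent).
    It answers a query by XOR-ing together every record whose selector bit is
    set, and logs the selectors it was sent, which is all it could ever report."""

    def __init__(self, records: Sequence[bytes]):
        self.records = list(records)
        self.queries_seen: List[List[bool]] = []

    def answer(self, selector: Sequence[bool]) -> bytes:
        if len(selector) != len(self.records):
            raise ValueError("selector length must equal table size")
        self.queries_seen.append(list(selector))
        acc = bytes(RECORD_LEN)
        for chosen, rec in zip(selector, self.records):
            if chosen:
                acc = xor_bytes(acc, rec)
        return acc


def make_query(n: int, index: int) -> Tuple[List[bool], List[bool]]:
    """Querier side: a uniformly random selector for holder A, and the same
    selector with bit `index` flipped for holder B. Each selector on its own
    is a uniform random bit vector and reveals nothing about `index`."""
    if not 0 <= index < n:
        raise IndexError("index out of range")
    mask_a = [secrets.randbits(1) == 1 for _ in range(n)]
    mask_b = mask_a.copy()
    mask_b[index] = not mask_b[index]
    return mask_a, mask_b


def private_fetch(holder_a: RecordHolder, holder_b: RecordHolder, index: int) -> bytes:
    """Retrieve record `index`: every other record appears in both answers
    (or in neither) and cancels out under XOR, leaving only record `index`."""
    n = len(holder_a.records)
    mask_a, mask_b = make_query(n, index)
    return xor_bytes(holder_a.answer(mask_a), holder_b.answer(mask_b))


def collude(mask_a: Sequence[bool], mask_b: Sequence[bool]):
    """Failure mode: holders that compare notes recover the queried index,
    because the two selectors differ in exactly one position."""
    diffs = [i for i, (x, y) in enumerate(zip(mask_a, mask_b)) if x != y]
    return diffs[0] if len(diffs) == 1 else None


# Constructed sample call-detail rows (date, time, caller, callee, seconds); not real data.
CDR_TABLE = [pad(r) for r in [
    "20140225 0914 2025550101 2025550199 0042",
    "20140225 0931 2125550123 3105550177 0610",
    "20140225 1002 2025550101 7035550142 0007",
    "20140225 1145 4155550188 2025550199 0289",
    "20140225 1320 3125550155 2125550123 0115",
]]

if __name__ == "__main__":
    telco = RecordHolder(CDR_TABLE)    # first replica
    escrow = RecordHolder(CDR_TABLE)   # second, independent replica
    print(unpad(private_fetch(telco, escrow, 3)))
    a, b = make_query(len(CDR_TABLE), 3)
    print("colluding holders recover index:", collude(a, b))
```

Each holder does linear work over the whole table per query, which is why the research effort the article describes is about making this kind of search "high-volume"; and the privacy guarantee rests entirely on the two holders not cooperating, which is the assumption the article questions.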

There are some pluses to the ODNI's efforts, but the question of why the collection is needed still hasn't been answered. The administration's cosmetic reforms placed a few restrictions on the Section 215 program but completely avoided addressing the overall uselessness of the Fourth Amendment-skirting program. As the program morphs to meet the few requirements given, the NSA's supporters are likely to greet each change with more proclamations of the damage being done to national security. (Not that they haven't started already…)

Ultimately, the NSA has no need to keep the data onsite, considering it will now have to seek court approval before searching the database. It will still have some leeway to bypass the judicial constraints thanks to National Security Letters, but for the most part, it's a return to its 2009 restraints as ordered by FISC judge Reggie Walton after observing "systemic abuse" of the bulk records collections. With this in place, the agency can't really argue that it needs uninterrupted, direct access, since that is something it will no longer have, onsite or not. Placing another small hurdle simply makes it a bit more difficult to abuse the collection and, after having free rein for so many years, a little friction is exactly what the agency needs to experience.

o rly

>> the encrypted search requirement would stave off hacking attempts

That would depend largely on whether (A) the encryption was intentionally crippled with a backdoor, and (B) a new high-value high-volume high-security database was of any interest as a target in a world full of highly-sophisticated hacker collectives.

I'm sorry, but when was it decided that "telcos" could even STORE the data beyond what is needed in order to make the system function as expected? Unless they have and I've missed it, consider this... "sneaking it in".

What bollocks! Unless this data mining and retention are stopped, the NSA and any other security agency that wants to will be sifting through them all, or have them sifted through with any and all results handed to them. It won't matter whose mails or whatever they have; they will be scanned, sorted and stored so that every single innocent person, whether in or out of the USA, is gonna be a suspected terrorist and/or criminal. As for the bit about 'anyone outside of the USA being fair game', I reckon the USA needs to watch itself. It may think everyone is fair game, but it doesn't mean the other countries are gonna be compliant to those thoughts, especially after what has been revealed up to now over citizens and heads of EU countries! There could be a bigger heap of shit thrown America's way than it wants. It has struggled so far to retain that shit from really hitting the fan, with only the thick fucking UK government under Obama's arse licker, Cameron, not going mad for obvious reasons. With the legal challenges going to be conducted in the not too distant future, the UK needs to watch its step!!

And who will be paying for the servers needed to host the data? The government will, using funds currently dedicated to NSA's PRISM servers.

And guess what will happen once the telcos will have optimized the infrastructure to cut costs?

It is a way to tie the hands of the telcos to cooperate even more, as it sort of guarantees them possibly huge incomes; and even if that is not the case, the mere possibility that it could be used that way is frightening.

If decentralizing the storage sort of mitigates some risks of abuses from the NSA, it also dilutes responsibilities. It is currently hard enough to deal with the "NSA problem"; is it really a good idea to welcome a potential "NSA + every single telco problem"?

The coding could shield both the extracted metadata and identities of those conducting the searches, Bellovin said. The government could use encrypted searches to ensure that its analysts were not leaking information or abusing anyone's privacy during their data searches.

Aren't these statements in direct conflict? Even if someone who is not an "analyst" is technically making the search and reporting the data, how is hiding the identity of the searcher going to prevent leakers and/or abuse? Isn't that just shifting the risk of abuse and leakage to a third party? If the third party providing the search and the details of how the NSA is using the data are kept separate by being separate entities, I could maybe see an argument that leakers are reduced (no one has enough of the puzzle to form a complete picture). This is not the case for people abusing their access to the data, IMO.

Oh, great!

Re:

You have to understand how they think.

Before this, they were doing it all by their lonesome, behind a curtain so we couldn't see them violating our constitutional rights.

Well, now that they are getting called on this, they have to think of a way to keep doing what they are doing without looking like they are doing it. And they really, REALLY like that curtain, so they are going to drag it along with them, even though it doesn't make sense.

So, the new idea is to get it away from the NSA. And they will contract it. Planning stopped about three milliseconds before the plan reached this stage, so now we have a worse situation than we did before. Now we are having our constitutional rights violated at the same time as we lose more of our privacy, and at roughly the same cost, but with far more data breaches.

The solution is obvious, no?

Re:

My thoughts exactly. This just means that because the identities of those conducting a search are concealed, there is no way to audit the searches to see if the search was made by a person who was authorized, for the proper reasons. This makes it worse, not better. Every search performed by every person needs to at least be logged so that it can be reviewed, where the analyst conducting the search will have to prove that the proper procedures were followed and proper authorizations were made (i.e. the case number of the investigation that it pertains to, as well as the warrant that was issued that authorized it).

Actually Totally Plausible

One could implement both of the following: the identity of who conducted any given search is hidden, but only those with a manager-level key can approve a search.

This would, indeed, be a good way to control so-called LOVEINT and other low-level abuses that are in the news now. However, while creepy, these abuses aren't the real danger. They merely demonstrate the danger posed by someone with manager-level access engaged in something more diabolical than stalking potential or former lovers. While I suspect a knowingly evil/anti-US motive is unlikely, it seems totally plausible that a manager could be convinced that some candidate would be a disaster for the US and use their position to spy on the least reputable associates of a political candidate.

However, the system could be designed so that the supervisors have the appropriate cryptographic keys to supervise their underlings.
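The two positions in this thread, that a searcher whose identity is hidden cannot be audited, and that a manager-level key could gate every search, are not actually in conflict if the parties are separated. The following Python example is added here to show one way the pieces fit; it is not code from the article, the AP report, or any commenter, and everything in it (the party names, the ticket fields, the sample table) is an assumption. An oversight body issues HMAC-derived pseudonyms and is the only party that can reverse them; a supervisor's key approves each query; the record holder verifies the approval and logs every search, including the case and warrant references the earlier reply asked for, without ever learning the analyst's name. A symmetric MAC stands in for a digital signature, so in this toy the holder shares the supervisor's key; with a real signature it would hold only the verification key.

```python
"""Toy search-approval ticket: the record holder verifies a supervisor's
approval, sees only a pseudonym for the analyst, and logs every query; an
oversight body holding the pseudonym key can later unmask the analyst.
Added illustration; all names, fields and sample data are constructed."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, asdict
from typing import Dict, List, Optional


def _canon(pseudonym: str, query_hash: str, case_id: str, warrant_id: str) -> bytes:
    """Canonical byte encoding of the fields a supervisor signs off on."""
    return json.dumps([pseudonym, query_hash, case_id, warrant_id]).encode()


@dataclass(frozen=True)
class SearchTicket:
    pseudonym: str    # HMAC(oversight_key, analyst_id): stable, but opaque to the holder
    query_hash: str   # SHA-256 of the query bytes, so the ticket binds one query
    case_id: str      # investigation the search pertains to
    warrant_id: str   # authorization that permits it
    approval: str     # supervisor MAC over the four fields above


class Oversight:
    """Issues pseudonyms and is the only party able to map them back."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._roster: Dict[str, str] = {}

    def pseudonym_for(self, analyst_id: str) -> str:
        p = hmac.new(self._key, analyst_id.encode(), hashlib.sha256).hexdigest()
        self._roster[p] = analyst_id
        return p

    def unmask(self, pseudonym: str) -> Optional[str]:
        return self._roster.get(pseudonym)


class Supervisor:
    """Holds the manager-level key; nothing is searchable without its approval."""

    def __init__(self) -> None:
        self.key = secrets.token_bytes(32)

    def approve(self, pseudonym: str, query: bytes, case_id: str, warrant_id: str) -> SearchTicket:
        qh = hashlib.sha256(query).hexdigest()
        tag = hmac.new(self.key, _canon(pseudonym, qh, case_id, warrant_id), hashlib.sha256).hexdigest()
        return SearchTicket(pseudonym, qh, case_id, warrant_id, tag)


class RecordHolder:
    """Checks the approval, logs the ticket, then runs the query. It never
    sees the analyst's name, only the pseudonym, yet its log is complete."""

    def __init__(self, supervisor_key: bytes, table: Dict[str, str]) -> None:
        self._verify_key = supervisor_key   # stand-in for a signature verify key
        self._table = table
        self.audit_log: List[dict] = []

    def search(self, ticket: SearchTicket, query: bytes) -> Optional[str]:
        expected = hmac.new(
            self._verify_key,
            _canon(ticket.pseudonym, ticket.query_hash, ticket.case_id, ticket.warrant_id),
            hashlib.sha256,
        ).hexdigest()
        if not hmac.compare_digest(expected, ticket.approval):
            raise PermissionError("no valid supervisor approval")
        if hashlib.sha256(query).hexdigest() != ticket.query_hash:
            raise PermissionError("query does not match the approved ticket")
        self.audit_log.append(asdict(ticket))   # logged before any data leaves
        return self._table.get(query.decode())


# Constructed sample table (selector -> call-detail row); not real data.
TABLE = {"2025550101": "20140225 0914 2025550101 2025550199 0042"}


def demo() -> dict:
    """One approved search, followed by an audit that unmasks the searcher."""
    oversight, boss = Oversight(), Supervisor()
    holder = RecordHolder(boss.key, TABLE)
    pseud = oversight.pseudonym_for("analyst-jdoe")
    query = b"2025550101"
    ticket = boss.approve(pseud, query, "CASE-0042", "WARRANT-0001")
    result = holder.search(ticket, query)
    who = [oversight.unmask(e["pseudonym"]) for e in holder.audit_log]
    return {"result": result, "logged": len(holder.audit_log), "analysts": who}


if __name__ == "__main__":
    print(demo())
```

The separation is the point: the holder can prove every search it served was approved and can hand over a complete log, the supervisor can see what its analysts are doing, and only the oversight body can put a name to a pseudonym. It does nothing about the scenario in the comment above where the supervisor is the abuser; that needs a second approver or an auditor outside the chain of command, not more cryptography.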